In the last decade, enterprises have been subjected to a long list of financial regulations and compliance mandates that aim to create transparency and eliminate corruptive business practices (e.g. Sarbanes-Oxley). Along the way, these mandates have had an impact on public companies’ sourcing practices.

As part of organizations’ path to compliance, they must maintain visibility into significant areas of spend in order to make verifiable determinations about future financial commitments. This requires having visibility into supplier/vendor contracts and the implications they will have on future purchase commitments.

The interpretation of SOX and other regulations varies, especially when it comes to its impact on procurement operations. But the expectation is clear. Public companies must be able to prove they are implementing controls that will prevent fraudulent payment practices and uncensored spending across the organization. And private companies are following suit.

As IT spending grows and its role becomes fraught with risk (e.g. information security), a need has arisen for greater risk controls within the IT vendor contracting process. It’s no longer acceptable to conduct “bar napkin” deals behind closed doors. More companies are seeking ways to confirm the financial viability of their vendors, ensure service levels, assure contract pricing is aligned with fair market value rates and avoid using non-standard contract terms.

To do this, best-in-class IT sourcing groups are turning to third-party sourcing experts for validation in these areas. These experts have visibility into a broad range of vendor deals and are able to objectively evaluate whether contract pricing and terms are within fair market value range.

In the past, IT and procurement groups have been reluctant to seek outside expertise. However, this is changing. The most effective IT procurement organizations seek agility in the face of new IT initiatives, market transactions and compliance pressures. Instead of relying on the limited scope of their internal experience and data, they are turning to outside resources for peer-based, objective market intelligence. This is no different than the relationship between the finance department and the CPA. In each of these situations, internal experts seek objective data and insight to reduce risk.

IT risk management will continue to be a top priority for public and private businesses. Tackling the challenge starts with validating the data that informs the sourcing process.